Re: Does Debian need to enforce a better Security policy for packages?
On Mon, Oct 22, 2001 at 06:46:19PM +0200, Javier Fernández-Sanguino Peña wrote:
> I just made an empty package with dh_make with only a postinst
> having 'rm -rf /'. Lintian says:
> $ lintian test-rm*deb
> E: test-rm: description-is-dh_make-template
> E: test-rm: helper-templates-in-copyright
> W: test-rm: readme-debian-is-debmake-template
> W: test-rm: unknown-section unknown
Lintian only checks for mistakes. If you make it try to check for
maliciousness, then the malicious packager will just make his/her trojan
more obscure to foil it - thus making it harder for the casual observer
to tell that there's a trojan there.
This is a social problem. I don't think a purely technical solution is
Colin Watson [email@example.com]